To elaborate on backrow's posting, security/metasploit has been avaialble since OpenBSD 4.9. Here's a link to the cvs log entries for the port's Makefile, in which you can see it's history for the last 16 months: